ZTE Terminal After-Sales Service Privacy Policy

Updated：December of 2020

This policy applies only to after-sales service of ZTE Corporation’s terminal products (and all third-party applications or services accessed by them). If a third-party application or service has a separate privacy policy, the privacy policy of the application or service is applied preferentially. For the contents that are not covered by the application or service privacy policy, refer to this privacy policy.

This Privacy Policy is available in other languages. If there is any inconsistency, the English version shall prevail.

If you have any questions, comments, or suggestions, please contact us through the following means:

E-mail: [email protected]

Company Name: ZTE Corporation

Registered Address: ZTE Building, No. 55, Hi-Tech Road South, Nanshan District, Shenzhen, P.R. China

ZTE understands the importance of personal information to you, and will make every effort to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us and abiding by the following principles to protect your personal information: consistency of authority and responsibility, clear purpose, selection of consent, minimum sufficiency, security, subject participation,  openness and transparency. Meanwhile, ZTE promises to take appropriate security measures to protect your personal information in accordance with well-established security standards in the industry.

Please read and understand this Privacy Policy carefully before using our products or services.

This policy helps you understand the following:

1. How we collect and use your personal information
2. How we use cookies and similar technologies
3. How we share, transfer, and disclose your personal information
4. How we protect your personal information
5. Your rights
6. How we process thepersonal information of children
7. How to transfer your personal information around the world
8. How to update this policy
9. Contact us

 

1. How we collect and use your personal information

Personal information refers to the information that is recorded electronically or in other ways and that can be used independently or in conjunction with other information to identify a specific natural person or reflect the activities of a specific natural person. ZTE will collect and use your personal information only for the following purposes described in this policy:

1. Provide you with maintenance services

When you test the product in our service centers, we will collect your test time, equipment model, equipment IMEI number, fault description information, and test results in order to determine the cause of the fault and provide you with further testing services. Due to the diversity of fault causes, if more information needs to be collected from you during the service process, we will explain the reason to you and collect it after obtaining your consent.

When you repair a product through our service centers, we will collect your repair time, equipment model, equipment IMEI number, fault description information, equipment purchase time, and test results in order to determine the cause of the fault and provide you with further repair services. Due to the diversity of fault causes, if more information needs to be collected from you during the service process, we will explain the reason to you and collect it after obtaining your consent.

When you need to mail your products for repairing, we will collect your repair time, equipment model, equipment IMEI number, fault description information, equipment purchase time, test results, your shipping address, recipient’s name, and recipient’s phone number.

When you need to check the spare parts price through the service center, we will collect your equipment model, fault description information, equipment purchase time.

Equipment model, equipment IMEI number, equipment purchase time, repair time, fault description information and test results are necessary contents for maintenance service. If you do not provide this information, we cannot provide you with maintenance services; if you need mail services, we will collect your shipping address, recipient’s name, and recipient’s phone number. The above information you provide will continue to be authorized to us to use while providing you with services.

If you are located in mainland China, the service will be provided by service centers in mainland China and the above information will be stored in China and will not be transferred to other countries or regions. If cross-border transmission is required, we will obtain your authorization separately.

If you are located outside mainland China, the above information will be stored in the country where the user is located. As the only way to distinguish ;the authenticity of the product, IMEI number will be transferred to China. As an important reference for subsequent product improvement, the fault information will be transferred to China. If you agree to this privacy policy, you will be deemed to have agreed to the cross-border transmission of this data. In case of further cross-border transmission outside China, we will obtain your authorization separately.

Personal information storage period: All information will be retained for 5 years from the date of collection in order to provide you with continuous and convenient services when you use our products and to avoid providing your information again when you consult again. Upon expiration, we will either delete your information or anonymize it.

1. Provide you with hotline advisory services

When you call our after-sales hotline, we will collect the necessary information to provide you with after-sales service. You can provide us with corresponding information according to the required service items, such as:

When you feedback the problems that happened in the use of the product through the hotline, we will collect your caller number, call time, your country/city, equipment model, equipment purchase place, purchase date, equipment IMEI number and fault description information, in order to provide you with further services. Due to the diversity of fault causes, if more information needs to be collected from you during the service process, we will explain to you and collect it after obtaining your consent.

When we need to mail products for you, we will collect your shipping address, recipient’s name, and recipient’s phone number.

When we need to query service centers for you, we will collect your geographic location.

When we need to check the out-of-warranty maintenance fee for you, we will collect your equipment model.

When we need to handle your complaints, we will collect your last service time and service content.

When we need to conduct a return visit to you, we will collect your phone number.

In addition, for purposes of backtracking, query, and Quality of Service evaluation, we will record your call and the conversation with you.

Your caller number, call time, your country/city, equipment model, equipment IMEI number, equipment purchase time, repair time, fault description information and test results are necessary contents for hotline consulting services. If you do not provide this information, we cannot provide you with hotline consulting services. The information of your shipping address, recipient’s name, recipient’s phone number, geographic location, time and content of the last service are not necessary to be collected, and will be collected according to your service requirements. The above information you provide will continue to be authorized to us to use while providing you with services.

If you are located in mainland China, the service will be provided by the China hotline and the above information will be stored in China and will not be transferred to other countries or regions. If cross-border transmission is required, we will obtain your authorization separately.

If you are located in Japan, South Korea, Spain, or Brazil, your hotline service is provided by Japan, South Korea, Spain, Brazil hotline and the above information will be stored in your local country and will not be transferred to other countries or regions. If cross-border transmission is required, we will obtain your authorization separately.

If you are located in Russian, your hotline service is provided by Russian hotline and the above information will first be stored in your local country. As the only way to distinguish the authenticity of the product, IMEI will be transferred to China. If you agree to this privacy policy, you will be deemed to have agreed to the cross-border transmission of this data. For cross-border transmission outside Russia and China, we will obtain your authorization separately.

If you are located in USA, Canada, UK, Australia, your hotline service is provided by India hotline and the above information will be stored in India. The information will be transferred to China for business settlement and business improvement, but not to other countries or regions. If you agree to this privacy policy, you will be deemed to have agreed to the cross-border storage of this data. For cross-border transmission outside India and China, we will obtain your authorization separately.

Personal information storage period: All information will be retained for 5 years from the date of collection in order to provide you with continuous and convenient services when you use our products and to avoid providing your information again when you consult again. Upon expiration, we will either delete your information or anonymize it.

1. Provide you with email consulting services

When you you send an email to our after-sales service mailbox to consult us, we will collect the necessary information to provide you with after-sales service. You can provide us with corresponding information according to the required service items, such as:

When you feedback the problems that happened in the use of the product through email, we will collect your email, email time, your country/city, device model, device purchase place, purchase date, device IMEI number and fault description information, so as to provide further services for you. Due to the diversity of fault causes, if more information needs to be collected from you during the service process, we will explain the reason to you and collect it after obtaining your consent.

When we need to mail products for you, we will collect your receiving address, recipient name, and recipient phone number.

When we need to query service centers for you, we will collect your geographic location.

When we need to check the out-of-warranty maintenance fee for you, we will collect your equipment model.

When we need to handle your complaints, we will collect your last service time, equipment model, equipment IMEI number, and fault description information.

When we need to conduct a return visit to you, we will collect your phone number.

Your email address, time of the letter, your country/city, equipment model, equipment IMEI number, equipment purchase time, repair time, fault description information and test results are necessary contents for email consultation services. If you do not provide this information, we cannot provide you with email consulting services. Your shipping address, recipient’s name, recipient’s phone number, geographic location, time and content of the last service are not necessarily collected content, and will be collected according to your service requirements. The above information you provide will continue to be authorized to us to use while providing you with services.

If you are located in mainland China, your email service is provided by ZTE’s global service mailbox, and the above information will be stored in China. If you agree to this privacy policy, you will be deemed to have agreed to the cross-border storage of this data. If cross-border transmission is required, we will obtain your authorization separately.

If you are located in Japan, South Korea, Spain, and Brazil, your mailbox service is provided by the local service mailboxes in Japan, South Korea, Spain, and Brazil. The above information will be stored in your country and will not be transferred to other countries or regions. If cross-border transmission is required, we will obtain your authorization separately.

If you are located in Russia, your mailbox service is provided by the Russian local mailbox, and the above information will firstly be stored in your country. As the only way to distinguish the authenticity of the product, IMEI will be transferred to China. If you agree to this privacy policy, you also agree to the cross-border transmission of this data. For cross-border transmission outside Russia and China, we will obtain your authorization separately.

Personal information storage period: All information will be retained for 5 years from the date of collection in order to provide you with continuous and convenient services when you use our products and to avoid providing your information again when you consult again. Upon expiration, we will either delete your information or anonymize it.

1. Provide you with network consulting services

When you use online channels to consult us, we will collect the necessary information to provide you with after-sales service. You can provide us with corresponding information according to the required service items, such as:

When you feedback the problems that happened in the use of the product through ZTE online channels (including but not limited to ZTE Customer Service APP, ZTE Community, ZTE Mall, ZTE Share Forum) and third-party network channels (including but not limited to WeChat official account, Weibo, Butler WeChat, QQ, online sales Platforms, forums) , we will collect your network account, consulting time, device IMEI number, device model, version number, fault description information, in order to determine the cause of the fault, and provide you with further information consultation service. Due to the diversity of fault causes, if more information needs to be collected from you during the service process, we will explain the reason to you and collect it after obtaining your consent.

When we need to mail products for you, we will collect your shipping address, recipient’s name, and recipient’s phone number.

When we need to query service centers for you, we will collect your geographic location.

When we need to check the out-of-warranty maintenance fee for you, we will collect your equipment model.

When we need to handle your complaints, we will collect your last service time, equipment model, equipment IMEI number, and fault description information.

When we need to conduct a return visit to you, we will collect your phone number.

Network account number, consultation time, equipment IMEI number, equipment model, version number, and fault description information are all necessary contents for the development of network consulting services. If you do not provide this information, we cannot provide you with network consulting services. The information of  your shipping address, recipient’s name, recipient’s phone number, geographic location, time and content of the last service is not necessary to collect, which will be collected according to your service requirements. The above information you provide will continue to be authorized to us to use while providing you with services.

The above information will be stored in servers deployed in different network channels.For deployment on servers of third-party network channels, please check the third-party’s separate privacy instructions. The servers of ZTE Networks channels are deployed in China and will not be transferred to other countries or regions. If cross-border transmission is required, we will obtain your authorization separately.

Personal information storage period: All information will be retained for 5 years from the date of collection in order to provide you with continuous and convenient services when you use our products and to avoid providing your information again when you consult again. Upon expiration, we will either delete your information or anonymize it.

If we want to use the information for other purposes not specified in this policy, we will seek your approval in advance. If we want to use the information collected for specific purposes for other purposes, we will seek your approval in advance.

1. How we use Cookies and similar technologies

When we provide you with after-sales service through online channels, our online platform may use cookies and similar technologies. For how such technologies collect and use your information, please read the Cookie Policy of the network platform for detailed information.

• How we share, transfer and disclose your personal information

To ensure the security of your personal information, we shall follow the minimization principle and share, transfer, or disclose your personal information in accordance with applicable laws and requirements.

For the companies, organizations, and individuals that share personal information with us, we will take organizational and technical measures in accordance with the local laws and regulations, and require them to process personal information in accordance with our security standards, this policy, and related confidentiality and security measures.

1. Sharing

We will not share your personal information with any company, organization, or individuals other than ZTE Corporation and its subsidiaries, except in the following cases:

• After obtaining your explicit consent, we will share your personal information with other parties.
• We may share your personal information in accordance with laws and regulations or mandatory requirements of government authorities.
• Share with authorized partners: Our maintenance, hotline, email and network services will be provided by authorized partners in various countries only for the purposes stated in this policy. We may share some of your personal information with our partners to provide better customer services and user experience.

Currently , our authorized partners include the following four types:

• After-sales service partner. Our “maintenance service” will be provided by ZTE’s after-sales service partnersin various countries around the world. ZTE will share all the information listed in this service with our authorized after-sales service partners. The after-sales agent will collect and process your personal information only for this purpose.
• Hotline service partner. Our “hotline consulting service” will be provided by ZTE’s hotline service partnersin different countries around the world. ZTE will share all the information listed in this service with our authorized hotline service partner. The hotline service partner will collect and process your personal information only for this purpose.
• Network platform provider. Our “online consulting services” may be provided throughthird-party network channels, and the data collected by the service will be stored on the servers of the third-party network channels. Such network platform providers provide the network platform for us to use, and collect and store all the information corresponding to the service provided on the platform. In addition, it does not involve additional data collection or other processing actions on the data.
• Logistics service provider. In all of our services, if weneed to deliver goods to you, the corresponding logistics services will be provided by ZTE logistics service providers in different countries around the world. ZTE will share the personal information required for logistics services with our authorized logistics service providers, including your receiving address, recipient name, and recipient phone number.

We will only share your personal information for legal, legitimate, necessary, specific, and clear purposes, and will only share personal information necessary to provide services. Our partners have no right to use the shared personal information for any other purpose.

We will sign strict confidentiality agreements with companies, organizations, and individuals with which we share personal information, and require them to process personal information in accordance with our instructions, this privacy policy, and any other relevant confidentiality and security measures.

1. Transfer

We will not transfer your personal information to any company, organization or individual except in the following cases:

• Transfer with express consent: After obtaining your express consent, we will transfer your personal information to other parties.
• If personal information transfer is involved in a merger, acquisition, or bankruptcy liquidation, we will require new companies or organizations that hold your personal information to continue to be subject to this privacy policy. Otherwise, we will require the companies or organizations to re-request authorization from you.

1. Public Disclosure

We will disclose your personal information only in the following cases:

• With your express consent.
• Disclosure based on law: We may disclose your personal information in case of law, legal procedure, litigation, or mandatory requirements of government authorities.

1. How we protect your personal information
2. We have takenthe security protection measures that comply with industry standards to protect the personal information provided by you against unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your personal information.

We use encryption technologies to ensure data confidentiality. We use trusted protection mechanisms to prevent data from being maliciously attacked. We will deploy access control mechanisms to ensure that only authorized personnel can access personal information. In addition, we will hold the training course on security and privacy protection to enhance employees’ awareness of the importance of personal information protection, and regularly check to ensure that all authorized partners strictly abide by our work specifications.

1. Our data security capabilities:

We have been committed to protecting your personal information security.

We have taken various security measures, such as access control system, monitoring system, encryption, anonymization or pseudonymisation, employee training and so forth, to protect your personal information from unauthorized access, use, disclosure, modification, damage or loss and other forms of illegal processing.

We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly, and the effectiveness of the security management architecture and measures is ensured through regular third party security audits. ZTE Corporation and some of its subsidiaries have passed the ISO 27001 information security certification, and can effectively protect your personal information. In case of personal information leakage, we will initiate an emergency plan, take effective measures to prevent the situation from getting worse, and notify the relevant supervisory authority and you in a timely manner.

1. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will retain your personal information only for the period required to achieve the objectives specified in this policy, unless the retention period needs to be extended or is permitted by law.
2. We shall regularly update and publicize the contents related to reporting such as security risks ,personal information security impact assessments and so forth . If we affect your personal information rights in security assessment reports, we will actively disclose security risks. You can obtain detailed report contents in the following way:

E-mail: [email protected]

1. The Internet environment is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical or management protection facilities are damaged, which results in unauthorized access, public disclosure, tampering or damage that affects your legal rights and interests, we shall assume the corresponding legal responsibilities.
2. When personal information security incident occurs, we will inform youof the basic situation and possible impact of the security incident in a timely manner, the measures we have taken or will take, suggestions for voluntarily preventing and reducing risks, and remedial measures for you. We will inform you of the incident by email, letter, telephone or pushing notification in a timely manner. If it is difficult to inform the subjects of personal information one by one, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the handling of personal information security incidents in accordance with the requirements of the regulatory department.

1. Your rights

In accordance with personal information protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal information:

1. Access to your personal information

You have the right to access your personal information, except for exceptions as required by laws and regulations. If you want to exercise data access rights, you can access the data by yourself in the following ways:

You can query your personal information by consulting service personnel at service centers, calling the after-sales hotline, sending e-mails to the after-sales service mailbox, or consulting customer service personnel through various network channels.

You can also send an e-mail to [email protected], or submit the request by login the data subject right response system: pdsr.zte.com.cn. We will respond to your access request within 15 working days. As long as we do not need to make too many efforts, we will provide you with other personal information generated when you use our products or services.

1. Correct your personal information

When you find that your personal information processed by us is incorrect, you have the right to request us to correct it. You can apply for a correction through the methods listed in “(1) Access to your personal information”. If you cannot correct this personal information through the above links, you can email [email protected] or submit the request by login the data subject right response system: pdsr.zte.com.cn at any time, we will reply to your request within 15 working days.

1. Delete your personal information

You can submit a request for deleting personal information in the following cases:

• we violatedlaws and regulations.
• we did not obtainyour consent.
• we violatedan agreement with you.
• youwill not use our products or services any longer, or your account is canceled.
• we do notprovide products or services for you.

If we decide to respond to your deletion request, we will also notify the entities that obtain your personal information from us and require them to delete your personal information in a timely manner, unless required by other laws and regulations, or these entities obtain your independent authorization. After you delete information, we may not immediately delete the corresponding information in the backup system, but we will delete the information during the backup update.

1. Personal information subjects obtain copies of personal information

Each business function requires some basic personal information to be completed (see “Part One” of this policy). If there is any need to collect and use additional personal information, we will explain the reason to you and collect it after obtaining your consent. You can give or withdraw your authorization consent at any time.

You can send an email to [email protected], or apply for a right response through the data subject right response system [path: pdsr.zte.com.cn]. We will respond to your access request within 15 working days.

After you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the previous processing of personal information based on your authorization.

1. Restrain Automatic decision-making of the information system

In some business functions, we may make decisions only based on non-manual automatic decision-making mechanisms such as information systems and algorithms. If these decisions have a significant impact on your legal rights and interests, you have the right to ask us for an explanation, and we will provide appropriate relief methods.

1. Respond to your above requests

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request, and we will respond within 15 working days.

In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed a reasonable limit. We may reject requests that repeat unreasonably, require excessive technical means (for example, development of a new system or a fundamental change of current practice), and bring risks to other people’s legitimate rights and interests or that are extremely impractical (for example, involving information stored on the backup tape).

We will not be able to respond to your request in accordance with laws and regulations if:

• The case is directly related to national security and national defense security.
• The case is directly related to public safety, public health, and major public interests.
• The case is directly related to any criminal investigation, prosecution, trial, and execution of a judgment.
• There is sufficient evidence that you have subjective malice or abuse of rights.
• Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals’ and organizations’.
• Business secrets are involved.

1. Howwe process the personal information of children

Our services are mainly for adults. Without the consent of parents or guardians, we will not provide services for children’s own consultation.

If the personal information of children is collected with the consent of their parents, we will only use or disclose this information with the permit of law,the express consent of parents or guardians or the necessary protection of children.

Although local laws and customs define children differently, we regard anyone under 14 as a child.

If we find that we have collected personal information of children without obtaining confirmed parental consent, we will try to delete the information as soon as possible.

• Howto transfer your personal information around the world

Your personal information will be stored as listed in “1. How we collect and use your personal information” , and will not be transferred to other countries or regions. If there is a need to transfer, we will inform you in advance and obtain your consent.

We will take steps designed to comply with all applicable local laws when Processing personal information, including any local law conditions and restrictions on the transfer of personal information. We may also protect your data through other legally valid methods, including international data transfer agreements.

Persons located within the European Economic Area (“the EEA”):

We takes steps to ensure that appropriate technical and organizational security measures and safeguards are applied when transferring personal information outside of the EEA and that privacy rights outlined in this Policy are preserved. We has established Standard Contractual Clauses of the EU Commission as providing an adequate level of protection to the personal information we Process globally. We ensures that all transfers of Personal Information are subject to appropriate safeguards as defined by the regulation.

• How to update this policy

Our privacy policy may change.

Without your express consent, we will not reduce your rights under this privacy policy.

We will release any changes to this policy on this page. For major changes, we will also provide more noticeable notifications (including notifications for some services, which will be sent via email to describe the specific changes in the privacy policy).

Major changes mentioned in this policy include but are not limited to the following situations:

1. Our service model has significantly changed. For example, the purpose of processing personal information, the type of processed personal information, and the mode of using the personal information.
2. Major changes have taken place in the ownership structure and organizational structure. Such as changes in owners caused by business adjustment or bankruptcy or mergers and acquisitions.
3. The major objects of personal information sharing, transfer, or public disclosure are changed.
4. Your right to participate in the processing of personal information and the way you exercise it have changed significantly.
5. Our responsible department for personal information security, contact method, or complaint channel have
6. The personal information security impact assessment report indicates a high risk.

We will also archive the old version of this policy for your reference.

1. Contact us

We have established a special personal information protection department – Data Protection Compliance Dept.. If you have any questions, comments, or suggestions on this privacy policy, please feel free to send an email to us at Privacy @zte.com.cn, which will be replied within 15 working days.

In addition, you can send letters to the Data Protection Compliance Dept. of ZTE headquarters.

To: Data Protection Compliance Dept. of ZTE Corporation

Address: 26/F, R&D Building, No. 55, Hi-Tech Road South, Shenzhen, China (Post Code: 518057)

If you are unsatisfied with our response, especially when our personal information processing activities have damaged your legal rights and interests, you can seek solutions through the local data protection agency.

For contact information about personal information supervisory authority in other areas, you can consult the local government. For the contact information of the European Union data protection agency, please refer to: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm